The recent news that India would be joining hands with the United States to crack down on Cybercrime is a welcome move for the Indian private as well as Public Sector companies since India has been vulnerable and has constantly been targeted by the hackers in the last few years.
India being seen as “soft-target” and vulnerable to cyber-attacks has jeopardized its reputation as a trusted partner. Hence this move by the Prime Minister Modi is a step in the right direction. However, if the cybercrimes are to be reduced and controlled, both the interested parties need to analyse the root cause for these frequent cyber-attacks and the so called “Hacktivism”.
Over the years, India has been acting as an IT hub for many US based companies through a business outsourcing model for economic advantages like low-priced skilled manpower and lesser infrastructure costs compared to the native US markets. This has worked in India’s favour so far, in terms of creating thousands of job opportunities and bringing in the dollar revenue. So far so good!
However, if India still desires to keep this edge over the other competitive markets like Europe and some countries in the Asia Pacific region – e.g. Philippines, there needs to be a paradigm shift in the outlook towards its own internal security aspects. I would look at it as more of a cultural issue rather than a technology issue and would recommend the following:
- Let’s be Proactive rather than being Reactive: Enforcement and adherence of laws, policies, regulations and variety of compliances has always been a challenge for the government and public sector enterprise in India since the other bigger political, socio-political and economical issues take the precedence and cyber security takes a back seat. So though there is an intent, it has not been driven from the top. Now the scenario seems to be changing with the Government of India taking cyber wars as the priority issue and setting up measures to curb it.
- Adopt Security as a Culture and not a Burden: Private enterprises have issues like the leadership acceptance and commitment towards the security and pushing the same enterprise wide. The resolutions would be to allocate compulsory budgets for cyber security, build competence through proper education & training and absorb security in the “Business As Usual” activities. Make everyone participate! The “ROSI” i.e.“Return on Security Investments” will fetch more yield in the long run as compared to “ROI”.
- Get Out of Jugaad: In the Indian context “Jugaad” is a term used for easy workarounds, easy solutions, and quick fixes to get things done. This is mainly because of the weak execution and enforcement of policies. But let us not forget that “Jugaad” is antagonistic towards the cyber security.
- Inculcate Cyber Awareness in School Curriculum: As they say “Habits Die Hard”! So unless the awareness is taught at the very basic and primary levels it would be difficult to preach and enforce it at a later stage. This is what we are experiencing today.
As an information security professional, I am pretty optimistic that if we take appropriate measures to take care of these cultural concerns and spread awareness as a mission, India would not only remain the IT hub for rest of the world but also be a proud and trusted partner sans these cyber and other security threats!
The article was first published here https://www.smbsecurityguide.org/changing-indias-security-culture/ and has been reproduced with the permission of the author.